vulnerability-scan

SUSPICIOUS. The skill is internally consistent as a security-audit skill and uses legitimate tooling, but it explicitly equips an AI agent with offensive security scanning capability, which is high risk by category. Supply-chain risk is moderate due to external CLIs and unpinned versions, but there is no strong evidence of malware, credential harvesting, or deceptive data routing.